Essential CISM: Updated for the 15th Edition CISM Review Manual

by Phil Martin

While some security managers view auditors as a necessary evil, they can in fact be a great ally. Aside from the fact that an auditor can provide an objective assessment of security, audit results can often be used to emphasize much-needed actions to senior management. However, this will never be effective unless the security manager ensures that the necessary time and resources are dedicated to audit activities.

While an audit simply provides a snapshot of compliance in time, compliance enforcement is a never-ending activity, and is normally shared across the entire organization.